What Do I Need To Know About Source Code Leaks?

Leaked source code happens a lot more frequently than most of our clients care to admit. Often, many clients are surprised when they begin using ClawBack™ to hunt for and take down leaked source code, configuration data and credentials. Most customers tell us they expect not to find anything at all, and many times they are simply astounded when their initial monitoring reports find critical examples of leaked source code out in the wild.

At MSI, however, we’re not surprised when these things happen. After all, that’s why we built ClawBack to begin with. We were tired of working incident after incident and breach after breach that resulted from these leaks. We knew we had to create a better way for our clients to stay on top of leaked source code, configurations and credentials.

Why Source Code Matters

When we talk about leaked source code with clients, most are worried about the loss of intellectual property. That’s a fair risk assessment, and the impacts can be long standing. Take for example, the leak of RSA source code in 2011, that underlined their flagship SecureID product, and was perpetrated via an external hacking team. The SecureID token is used to add a layer of security into the login process for corporate networks and applications. This meant that the very heart of security in an organization that used these tokens was at risk. In the end, RSA had to replace all of the SecureID devices in circulation. The cost to RSA hit $66 million in terms of replacing the physical tokens. However, other intangible costs such as reputation have a longer and less quantifiable reach. (stop-source-code-theft.com)

But, while we know that intellectual property loss can be an issue, we’ve seen many breaches stem from leaked code. In fact, an estimated 75% of security breaches are enabled when developers code secret access keys and passwords into source code. (assembla.com) We’ve seen it time and time again, across verticals from manufacturing to healthcare and from banking and finance to critical infrastructure. Source code leaks are often a powerful tool of the attacker.

How Source Code Leaks

External hackers are certainly a significant threat to source code security, as seen in the RSA leak above. But hackers are responsible for a far smaller percentage of leaks than you would expect. Instead, the majority of source code leaks come from human mistakes. 

According to Wikipedia, source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files through exploits, software bugs , or employees that have access to the sources or part of them revealing the code. (en.wikipedia.org) We agree with this stance, since the majority of leaks ClawBack finds for clients end up getting traced back to misconfigurations of IDE plugins or developers not checking carefully which code repository they are committing their code to. 

Yet another common root cause of code leaks found by ClawBack has been developers sharing code they developed at different companies as a part of their resume and portfolio. While this is very common for freelancers, consultants and contractors, several significant leaks have also been traced back to the portfolios of full-time employees.

A good source code security awareness program and ongoing auditing of plugins, configurations and repositories are strong controls to reduce these risks. After all, as several firms have found out the hard way, even approved and well-known code repositories, that began as open source contributions or accepted projects for sharing with the public, can drift into leaking critical confidential data before you know it. That’s why keeping an eye on all repositories, even the ones fully approved to be public, is essential. If you need help with any of these controls, don’t worry, MicroSolved is here to help with any or all of them.

How Can ClawBack Help With Leaked Code?

ClawBack stands ever-vigilant, continually searching for and hunting down code that leaks from your organization. You configure monitoring terms, using MSI’s documented process, experience and guidance, and set ClawBack to work. Since it serves as an independent third party, it doesn’t rely on monitoring your network or workstations like traditional Data Leak Protection (DLP) products. In fact, almost all of our clients have extensive DLP instances, but still find leaked code. Traditional DLP often focuses on common PII/PHI data types, and even more concerning, the majority of the leaks our clients have found with ClawBack actually get traced back to origins outside of the company network and computing environment – a fact that renders traditional DLP powerless.

ClawBack monitors for your terms in the most common areas of the Internet where source code leaks occur. It searches thousands of code repositories, product support sites, question and answer forums and other nooks and crannies of the web where code samples and such are likely to end up. Once identified, ClawBack alerts you to the presence of your critical data and provides advice on “clawing back” that critical information with takedown requests and search engine cleanup.

Overall, ClawBack serves clients as a watchful eye for leaked source code. It can mean the difference between code being available for minutes versus years, and between a leak and a breach. If you’d like to learn more about ClawBack, give us a call today (614-351-1237) or drop us a line (info@microsolved.com). We’d love to tell you how ClawBack can work for you! 

Massachusetts Getting Tough On Data Breach Law

From Slashdot:

“A Massachusetts restaurant chain was the first company fined under the state’s toughest-in-the-nation data breach law, according to a statement by the Massachusetts Attorney General. The Briar Group, which owns a number of bars and restaurants in Boston, is charged with failing to protect patrons’ personal information following an April, 2009 malware infestation. It was ordered to pay $110,000 in penalties and, essentially, get its *&@! together. Among the revelations from the settlement: Briar took six months to detect and remove the data stealing malware, continuing to take credit and debit cards from patrons even after learning of the data breach, said Massachusetts Attorney General Martha Coakley.”

Full Story

This is exactly why we developed our latest addition to our HoneyPoint family of products: HoneyPoint Wasp. It is a great way to monitor Windows-based desktops with minimal fuss, decreasing help desk calls while allowing the IT department to quickly take action when malware is detected. Learn more about HoneyPoint Wasp.